I think the "easiest" solution would be modifying the DynDNS-plugin so
it opens up all IPs for a certain hostname + change the INPUT chains
into OUTPUT, although I doubt you can do this via the INPUT chain....
a.
On 11-Jun-12 16:39, Michel van Dop wrote:
> Hello,
>
> By default I block the server from getting some content on port 80 and port 443. I
> use the custom-rules.
>
> But sometimes I must unblock an IP: some CMS websites must communicate with
> another server on port 80 for spam blacklists etc., so..
>
> I use this:
>
> # exception to one webserver.
> /sbin/iptables -A OUTPUT -s xx.xx.xx.xx -d xx.xx.xx.xx -p tcp --dport 80 -j ACCEPT
>
> # now blocking the rest
> /sbin/iptables -A OUTPUT -p tcp --dport 80 -j DROP
> /sbin/iptables -A OUTPUT -p tcp --dport 443 -j DROP
>
> This works great... But now one DNS name has more IPs (load balancing). How
> to accept this? I know iptables does not work for a domain name, only IPs.
> And sometimes there is a DNS change and the iptables rule does not work.
>
> Does anyone have a good solution?
>
> Best regards,
>
> Michel
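One way to handle the multi-IP and DNS-change problem discussed in this thread, as an added example that is not part of either message and is not the DynDNS plugin's code: resolve the name periodically and refill a dedicated chain with one ACCEPT rule per address. The chain name `ALLOW_OUT_WEB`, the host `cms.example.org`, and the `192.0.2.x` addresses used for testing are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: chain ALLOW_OUT_WEB,
# host cms.example.org. Add the jump once, before the DROP rules:
#   /sbin/iptables -A OUTPUT -p tcp --dport 80 -j ALLOW_OUT_WEB
CHAIN="ALLOW_OUT_WEB"
IPT="/sbin/iptables"

# Succeed only for a dotted-quad IPv4 address with every octet 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read addresses on stdin, one per line. Print the commands that refill
# the chain for tcp port $1. Print nothing and fail when no valid address
# arrived, so a failed lookup leaves the existing rules in place.
build_rules() {
    port=$1
    addrs=$(sort -u | while read -r a; do
        if is_ipv4 "$a"; then echo "$a"; fi
    done)
    [ -n "$addrs" ] || return 1
    echo "$IPT -N $CHAIN 2>/dev/null"
    echo "$IPT -F $CHAIN"
    for a in $addrs; do
        echo "$IPT -A $CHAIN -d $a -p tcp --dport $port -j ACCEPT"
    done
}

# Every IPv4 address the name resolves to right now (all balanced hosts
# the resolver returns).
resolve_ipv4() {
    getent ahostsv4 "$1" | awk '{ print $1 }'
}

# From root's crontab: resolve_ipv4 cms.example.org | build_rules 80 | sh
```

Between the flush and the last append the chain is briefly empty, so a connection opened in that instant hits the DROP rule and has to be retried.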